[Nfd-dev] About NDNCERT's KDF

Zhiyi Zhang zhiyi at cs.ucla.edu
Wed Apr 3 15:03:09 PDT 2019


Hi all,

I just checked OpenSSL 1.0.2, and I don't think pkcs5_pbkdf2_hmac_sha1
(which Jeff T mentioned during Apr 3's NFD call) is exposed in 1.0.2.
Instead, I found this KDF in 1.0.2: EVP_BytesToKey (
https://www.openssl.org/docs/man1.0.2/man3/EVP_BytesToKey.html).
However, this website (https://www.cryptopp.com/wiki/OPENSSL_EVP_BytesToKey)
says:
"
Early versions of EVP_BytesToKey used MD5, and later versions use SHA. MD5
is used in OpenSSL 1.0.2 and earlier. OpenSSL 1.1.0c and later use SHA-256
as the hash. Unless you have a specific need, you should not
use OPENSSL_EVP_BytesToKey. Rather, you should use a password derivation
function like HKDF or PBKDF2.
"
As we all know, MD5 has been deprecated as a crypto hash func, so my
personal opinion is not to use this EVP_BytesToKey as NDNCERT's KDF.

As pointed out here (
https://crypto.stackexchange.com/questions/50135/is-sha-2-suitable-for-key-derivation),
I think using a raw SHA256 should be fine for our NDNCERT's KDF purpose,
given that the AES key will only be used in one cert request "session".

This will also avoid the OpenSSL version issue temporarily. When our NDN
Testbed adopts a newer version of OpenSSL, we can bring the HKDF back.

Best,
Zhiyi
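
Added example, not part of the original message and not NDNCERT's code: the two derivations the message compares, raw SHA-256 over the input secret and HKDF (RFC 5869) built from HMAC-SHA256, using only the Python standard library. The secret, salts and `info` label are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes


def raw_sha256_key(shared_secret: bytes, key_len: int = 16) -> bytes:
    """Raw SHA-256 over the shared secret, truncated to the AES key size."""
    if not 0 < key_len <= HASH_LEN:
        raise ValueError("one SHA-256 digest yields at most 32 key bytes")
    return hashlib.sha256(shared_secret).digest()[:key_len]


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: PRK = HMAC-SHA256(salt, IKM); no salt means 32 zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: T(i) = HMAC-SHA256(PRK, T(i-1) || info || i)."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("HKDF-SHA256 output is limited to 255 * 32 bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 16) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def demo() -> dict:
    secret = bytes(range(32))      # constructed sample, stands in for the KDF input secret
    info = b"example-aes-128-key"  # hypothetical context label (assumption)
    return {
        # Depends on the secret only: the same secret always gives the same key.
        "raw": raw_sha256_key(secret),
        # Salt and info bind the key to one request and one purpose.
        "hkdf_request_a": hkdf_sha256(secret, b"request-A-salt", info),
        "hkdf_request_b": hkdf_sha256(secret, b"request-B-salt", info),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name}: {key.hex()}")
```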